Can You Decide on CAPA?

By Dr. Scott Rudge

When things go wrong in pharmaceutical manufacturing, consequences can be dire.  Small changes in the quality of the pharmaceutical product can cause major consequences for patients in ways too numerous to list in this blog.  It can be surmised that the failure mode was not anticipated, so the manufacturer is wise to determine the cause of the failure, correct it, and prevent it from happening again.  This exercise is known as CAPA, Corrective and Preventive Actions.

There are numerous tools for determining the root causes of failures, many of these are embedded fully in software, and ICH Q9, that helps a manufacturer’s quality organization to track the resolution of CAPAs.  Fault Tree Analysis and Root Cause Analysis are two common and popular examples of these tools.  These tools help to trace the cause of a failure back to the basic characteristics of the failure.  Once these basic characteristics have been identified, they can be remediated (eliminated).

When the root cause is found, it is eliminated, and the process goes on.  The CAPA is closed and everyone waits for the next crisis or problem that needs to be fixed.  Right?

But root cause elimination, although a worthy corrective objective, does not appear to be sufficient as a preventive action.  One should consider how the root cause is to be eliminated.  And one should consider whether the manner and means of root cause elimination might lead to other failure modes.

The first consideration, how to eliminate a root cause, is a decision.  Decision analysis can be used to improve the process of choosing between multiple remediation options.  When there are multiple good options for fixing a problem, or perhaps a series of “less bad” options, it’s a good idea to do some analysis. 

First, the decision should be defined.  The required objectives that the remediation option must meet should be listed.  These should be specific and measureable.  Each option for addressing the problem should also be listed, and the “features” of each option listed, so there is little uncertainty about the option and its implementation.  Each option must fully meet all the required objectives, any option that partially addresses must be considered incomplete.  Any option that is incomplete should either 1) not be considered further, or 2) have elements added that allow the option to completely satisfy the required objectives.  All options that meet each of the required objectives is a “qualified option”.

There are often additional objectives that are less absolute that should be considered in choosing a remediation option.  These might be considered as differentiating objectives.  For example, cost may be a required objective (the remediation must be implemented within the current budget) and a differentiating objective (the least costly option, within the budget, is preferred).  These differentiating objectives should also be listed, and weighted according to their relative importance.  The objectives of all stake holders must be considered.  The weightings may be controversial among stakeholders, but with practice, an organization can learn to appropriately weight objectives. 

Qualified options can be scored according to the weighted differentiating objectives.  Each qualified option is ranked according to how it fulfills these objectives, and the score is multiplied by the weight.  The weighted scores are summed, and a “most preferred” option is identified as a result. 

But wait, there’s more.  A final check of failure modes should be made.  The last thing we want is to implement a remediation option that introduces more vulnerabilities into our systems.  A simple FMEA can be used for this.  If your organization routinely uses FMEAs and has standard criteria for scoring them, then you probably only need to perform one FMEA, and ensure no resulting risk priority numbers exceed the established threshold value for risk.  If your organization doesn’t have this experience, then you may have to perform a comparative FMEA on two or more qualified options, to gauge relative risk.

If your decision making is already perfect, then there is no need for this analysis.  Such excellent seat of the pants decision making would be useful for the rest of us to see!  For the rest of us, when new issues arise, the decision analysis can be revisited, and organizational assumptions revised, to improve the decision making in the future.  And it might be useful to have documented the options you considered, and how you selected among them. 

Lesson learned: Outsource but remain in control!

By Dr. Ray Nims

In a previous posting, we described the responsibilities of the contract giver (contractee) and the contract acceptor (contractor) in outsourced pharmaceutical quality control testing. Our blog title: "Outsource it, and fuggedaboutit?" somewhat facetiously suggested that the outsourcing of quality control testing does not transfer quality control responsibility from the contract giver to the contract acceptor.

Elizabeth Meyers and I expanded upon this theme in a recent article in BioProcess International. Our conclusion in that article was more direct: “The use, by a pharma organization, of a contract testing lab to fulfill some or all of its Quality Control testing obligations does not absolve the contractee of its overall Quality responsibility of ensuring the safety, purity, identity, efficacy, and potency of its products.”

This point was illustrated nicely in a recent warning letter published on the FDA Website. The name of the firm involved is not important to this discussion. Among the other findings was the following:

“Your firm failed to properly evaluate a contract laboratory to ensure GMP compliance of operations occurring at the contract site.”


The FDA then provided the following detail: "...we are concerned about your firm’s fundamental understanding of what is required by your Quality Unit and the regulatory expectations for a firm that enters into agreements with contract testing laboratories. Although you have agreements with other firms that may delineate specific responsibilities to each party, you are ultimately responsible for the quality of your products and the reliability of test results. Regardless of who tests your products or the agreements in place, you are required to manufacture these products in accordance with section 501(a)(2)(B) of the Act to assure their identity, strength, quality, purity, and safety."

The take-home message from this is that in the outsourcing of quality control testing, responsibility for the outsourced testing is retained by the contract giver. Responsibilities of the contract giver include the following: selecting and qualifying the contract lab, ensuring the suitability of methods used (through qualification, transfer, verification, or validation); putting in place a Quality and business agreement; scheduling and submitting samples (including communicating expectations for sample results); providing in-life guidance; and monitoring of contract lab performance.

There is no denying that fulfilling these responsibilities requires a significant and ongoing effort on the part of the contract giver. In this respect, outsourcing of quality control testing is not so different from doing that testing in-house.

Outsource it, and fuggedaboutit?

By Ray Nims

Much has been written about the rationales and advantages for outsourcing of manufacturing and/or testing services; about the selection of outsourcing partners; and about the optimization of the pharma/contractor relationship. In any pharma/contractor relationship, there are responsibilities associated with the pharma as well as contractor responsibilities. These include both business as well as compliance responsibilities. The business realities and regulatory expectations associated with the use, by a pharma company, of a contract testing organization must be considered when the decision is made to outsource. A contract testing organization desiring to provide services for a pharmaceutical must be aware of the expectations and responsibilities associated with such a partnership. The optimal and most defensible programs will be those in which the various practices to be described below are formalized within internal Quality Systems, policies, and/or standard operating procedures as well as Quality Agreements.


Responsibilities falling upon the pharmaceutical partner include: 1) the selection of the contract testing lab; 2) commissioning and providing test samples of raw materials and products for method verification (compendial methods) and method qualification (non-compendial methods); 3) instituting of a Quality Agreements, business agreement, and/or confidentiality agreement with the contractor; 4) scheduling and shipping of test samples in accordance with the requirements of the testing lab and the test system; 5) providing in-life guidance and oversight of investigations of unexpected and out of specification results; and 6) ongoing monitoring of the performance of the contract lab and its methods.

Responsibilities primarily falling upon the testing lab include: 1) attaining and maintaining GLP or GMP compliance as appropriate for the intended use of the method; 2) providing assurance that the methods offered will be available to the client over the long term; 3) responsiveness to the sponsoring pharma and adherence to the terms of the Quality and/or business agreements; 4) method validation, verification, and or qualification as appropriate for the intended use of the method; 5) control of reagent, raw material, control, and standard inventory and quality; 6) assuring secure and retrievable data archiving; and 7) retention of staff possessing the appropriate expertise for direction of operators and the methods.